Federal scrutiny of physician privacy and security practices is on the rise. The Department of Health and Human Services’ Office of Civil Rights (OCR) is currently auditing covered entities – including small physician practices – for compliance with HIPAA, including the Security Rule and its requirement to conduct a security risk analysis (SRA). At the same time, the Centers for Medicare and Medicaid Services (CMS) and its contractor, Figliozzi & Co., are auditing physicians and practices that have participated in the Meaningful Use program. More than half of those who participated in 2013 are reported to have failed to meet the requirements to successfully report under Meaningful Use. Similarly, after conducting a pilot audit program in 2011, the OCR found that 47 out of 59 providers audited had no complete SRA, and 58 out of 59 had at least one problem with HIPAA security compliance.

The SRA represents the keystone for a practice’s entire approach to ensuring the security of electronic protected health information and complying with HIPAA. If your practice hasn’t conducted an SRA, or you are unsure whether you have, it’s time to start paying attention. Under the Meaningful Use program, failure to conduct an SRA or to meet any of the other Meaningful Use requirements means the participant must return its entire incentive payment, and may subject the participant to a 1% payment reduction for all Medicare payments. Likewise, failure to comply with Security Rule requirements – many of which require that an SRA have been conducted – may result in the imposition of fines and require a physician to enter into a resolution agreement with the OCR.

Dan Shay explores these issues, and offers practical guidance on how to comply with these requirements, in his chapter for the 2015 HEALTH LAW HANDBOOK, “HIPAA and Meaningful Use Audits and The Security Risk Analysis Nexus.”